store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Sat Jul 26, 2014 5:07 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: ASL Kernel problem "Internal Server Error"
Unread postPosted: Sat Aug 13, 2011 9:31 pm 
Offline
Forum User
Forum User

Joined: Wed Aug 10, 2011 5:52 pm
Posts: 12
Location: US
Hi all,

When I tried to install the ASL Kernel many problems occur. The first problem started when all the websites stopped working and this message appeared “Internal server error 500”. After that, I tried to change the kernel. The technical support told me that this has lead to PHP Binaries corruption. I do not know how to overcome this defect which has lead to stopping all my websites for one whole day and caused me huge harm and loss.


Best Regards,
VistaTac


Top
 Profile  
 
 Post subject: Re: ASL Kernel problem "Internal Server Error"
Unread postPosted: Sat Aug 13, 2011 9:37 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3600
Location: Chantilly, VA
Thank you for the question. What do you see in /var/log/messages? If the kernel does anything, it will always log it there.

If I had to guess, its probably that something on your system set PHP to smash your stack, and the kernel is preventing this (standard PHP installations do not have this problem, so I'm guessing it must be a source install of PHP, perhaps from cpanel). I've seen products like cpanel and splunk set php and openssl to be smashable which opens a massive hole in your system. Neither php nor openssl need to be configured in this manner to work correctly, so so why they do this is a mystery, its not necessary.

Check your logs for entries such as these:

Jun 8 09:14:16 system kernel: php[5963]: segfault at a801cecc ip a800809b sp bff43d70 error 7 in ld-2.5.so[a8001000+1b000]

Jun 8 09:14:11 system kernel: grsec: From 207.46.13.89: Segmentation fault occurred at a622eecc in /usr/bin/php[php:5952] uid/euid:590/590 gid/egid:590/590, parent /usr/local/apache/bin/httpd[httpd:5684] uid/euid:99/99 gid/egid:99/99

And then read this FAQ, which explains the simple process to remove this unnecessary hole on your system so you can run PHP securely.

https://www.atomicorp.com/wiki/index.ph ... _segfaults

Update: I just logged into your box (I hope you dont mind, but since I helped you last night I figured it might be faster to do this for you quickly), and indeed you do have the segfault errors explained in the FAQ above, so thats all it was, just a configuration setting for PHP:

Aug 13 11:48:08 host kernel: php[28273]: segfault at 7347c3c57da0 ip 00007347c3a419ec sp 00007fffec32ad20 error 7 in ld-2.5.so[7347c3a3b000+1c000]
Aug 13 11:48:08 host kernel: php[28275]: segfault at 62a51e1f9da0 ip 000062a51dfe39ec sp 00007fff012dfd20 error 7 in ld-2.5.so[62a51dfdd000+1c000]
Aug 13 11:48:08 host kernel: php[28276]: segfault at 649fe7a0cda0 ip 0000649fe77f69ec sp 00007fffb90bfd30 error 7 in ld-2.5.so[649fe77f0000+1c000]

So, all you just need to do is clear the wildly insecure smash-stack flags per the FAQ above, and you will be 100% good to go and secure.

Quote:
The technical support told me that this has lead to PHP Binaries corruption.


I think they may not know what they are talking about, thats just not even possible. I'm sorry to tell you this, but I think your technical support may not be as technical you might hope. :-(

Maybe they dont understand what a segfault is? Anyway, thats all that was happening, your PHP binaries were fine, and they are fine now (although it looks like someone felt they needed to install them again, which was also not necessary).

# php -v
PHP 5.2.17 (cli) (built: Aug 14 2011 01:10:03)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator
with the ionCube PHP Loader v4.0.9, Copyright (c) 2002-2011, by ionCube Ltd., and
with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies
with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH

You just need to remove the stacksmash flags from the libraries explained in the FAQ above. Or use a package managed PHP and this will happen automatically. I believe you are using cpanel, so thats probably not possible as understand it cpanel compiled PHP from source (and its not even the latest PHP... why do they do this when they can just use the systems PHP which is newer?), so you'll have to clear the flags yourself. Again, its easy to do, and your system will be much more secure after you do it.

Anyway, I hope this helps, and if you can't sort out the libraries to secure let me know. Its actually pretty much a snap, you can usually find the includes in your php.ini file. I dont recall offhand where cpanel puts this, but a "locate php.ini" should find it for you.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Google [Bot] and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group